[Git][security-tracker-team/security-tracker][master] Reserve DLA-3154-1 for node-xmldom

Tue, 18 Oct 2022 08:00:09 -0700 


Emilio Pozuelo Monfort pushed to branch master at Debian Security Tracker / 
security-tracker


Commits:
67279254 by Emilio Pozuelo Monfort at 2022-10-18T16:59:36+02:00
Reserve DLA-3154-1 for node-xmldom

- - - - -


3 changed files:

- data/CVE/list
- data/DLA/list
- data/dla-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -14468,7 +14468,6 @@ CVE-2022-37617 (Prototype pollution vulnerability in 
function resolveShims in re
 CVE-2022-37616 (A prototype pollution vulnerability exists in the function 
copy in dom ...)
        - node-xmldom 0.8.3-1 (bug #1021618)
        [bullseye] - node-xmldom <no-dsa> (Minor issue)
-       [buster] - node-xmldom <no-dsa> (Minor issue)
        NOTE: https://github.com/xmldom/xmldom/issues/436
        NOTE: 
https://github.com/xmldom/xmldom/security/advisories/GHSA-9pgh-qqpf-7wqj
        NOTE: Fixed by: 
https://github.com/xmldom/xmldom/commit/6956ec406fd4658dfb028a327c7a39238b24c3cd
 (0.9.0-beta.2)


=====================================
data/DLA/list
=====================================
@@ -1,3 +1,6 @@
+[18 Oct 2022] DLA-3154-1 node-xmldom - security update
+       {CVE-2022-37616}
+       [buster] - node-xmldom 0.1.27+ds-1+deb10u1
 [17 Oct 2022] DLA-3153-1 libksba - security update
        {CVE-2022-3515}
        [buster] - libksba 1.3.5-2+deb10u1


=====================================
data/dla-needed.txt
=====================================
@@ -117,10 +117,6 @@ netatalk
 node-tar
   NOTE: 20220907: Programming language: JavaScript.
 --
-node-xmldom (Emilio)
-  NOTE: 20221018: Programming language: JavaScript.
-  NOTE: 20221018: Maintainer prepared an update.
---
 openexr
   NOTE: 20220904: Programming language: C++.
   NOTE: 20220904: Should be synced with Stretch. (apo)



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67279254ff9c40c5245d6ef1410ed7c4c9690b81

-- 
View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/67279254ff9c40c5245d6ef1410ed7c4c9690b81
You're receiving this email because of your account on salsa.debian.org.



_______________________________________________
debian-security-tracker-commits mailing list
debian-security-tracker-commits@alioth-lists.debian.net
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits

Reply via email to